Walgreens Consumer Class Action Lawsuit

Consumer Class Action Complaint Against Walgreens

Walgreens Consumer Class Action Lawsuit

Tauler Smith LLP recently filed a consumer class action complaint against Walgreens because the retail behemoth is allegedly selling Phenazopyridine Hydrochloride (Phenazo), an unapproved over-the-counter UTI drug, to unsuspecting customers in violation of California’s consumer protection laws. The class action suit, which was filed in federal court in California, alleges that Walgreens uses misleading advertising to deceptively sell Phenazo to treat urinary tract infections even though the drug is unsafe, ineffective, and unlawful to market to consumers.

For more information about the Walgreens UTI drug lawsuit, keep reading this blog.

What Is the FDA Approval Process for Over-the-Counter Drugs?

The U.S. Food and Drug Administration (FDA) regulates the safety and effectiveness of prescription and nonprescription drugs sold in the United States. Before over-the-counter drugs like Phenazo can be sold to consumers, they must be approved by the FDA. This can happen in one of two ways:

  1. The drug goes through the standard FDA approval process, which involves submitting a New Drug Application (NDA).
  2. The drug receives a drug monograph.

A drug monograph is a process that drug manufacturers can utilize to get their products approved for specific therapeutic uses in a particular category. In other words, a drug monograph is a way around the requirement for FDA approval as a finished drug.

New Drug Applications

Under authority granted by the Federal Food, Drug, and Cosmetic Act (FDCA), the FDA typically requires drug manufacturers to submit a New Drug Application (NDA) or an Abbreviated New Drug Application (ANDA) and provide clinical trial data to demonstrate the safety of a new drug before they can market it as a finished drug product.

When the FDA requested data on the safety and efficacy of all OTC urinary antiseptics/analgesics not yet reviewed by the FDA, the request included Phenazopyridine Hydrochloride (Phenazo). In this notice, the FDA stated that Phenazo had not been the subject of an approved NDA, meaning that the UTI drug’s safety was not demonstrated to the satisfaction of the federal regulatory agency.

OTC Drug Monographs

An OTC drug monograph allows drug manufacturers to lawfully market certain over-the-counter drugs based on the safety of a drug’s active ingredients. The monograph process involves a “rule book” that defines specific conditions under which an OTC drug may be considered safe and effective in a given therapeutic category. Under this approach, a manufacturer does not need FDA approval to bring the nonprescription drug to market because only certain ingredients are being marketed as safe for a particular use within a particular therapeutic drug category.

What Is Phenazopyridine?

Phenazopyridine Hydrochloride (Phenazo) is an over-the-counter drug used to treat symptoms of urinary tract infection (UTI), including urinary pain, burning, and discomfort. UTI is a medical condition that disproportionately impacts women, particularly women in underserved communities.

Millions of Americans trust pharmacies to sell them safe, effective, and lawful remedies for their illnesses, including urinary tract infections. For these consumers, pharmacies are the primary point of purchase for over-the-counter drugs, as well as the primary source of information for over-the-counter medications. Reliance on OTC medications is heightened in underprivileged communities where residents are more vulnerable to illness and health concerns due to lack of access to medical care.

Phenazo is marketed and advertised as a drug for urinary tract infections – but the UTI drug has not been approved by the FDA, which means that stores like Walgreens should not be selling it as an over-the-counter treatment.

Walgreens Sued for False Advertising of UTI Drug Phenazo

Argueta v. Walgreens Co. is a high-profile consumer class action lawsuit against the Walgreens Company, which operates the second-largest pharmacy store chain in the United States. The lawsuit, which was filed in the U.S. District Court for the Eastern District of California, accuses the pharmacy of unlawfully selling Phenazopyridine Hydrochloride (Phenazo) over the counter and marketing the misbranded drug as a finished drug product called “Urinary Pain Relief.”

The Walgreens class action alleges that Phenazo has never been approved by the FDA under the NDA/ANDA process, nor has Phenazo ever been brought to market under an established OTC drug monograph. In other words, the drug is allegedly being marketed and sold by Walgreens in violation of California consumer fraud laws.

Walgreens Accused of Violating California’s Unfair Competition Law (UCL)

Walgreens has been accused of violating California’s Unfair Competition Law (UCL) by selling the unapproved OTC drug Phenazo. The UCL is a far-reaching consumer protection statute that applies to many different kinds of unethical business practices, including hidden shipping insurance surcharges, false reference pricing, and deceptive advertising of over-the-counter drug products. The statute explicitly prohibits any “unlawful, unfair or fraudulent business act or practice,” as well as “unfair, deceptive, untrue or misleading advertising.” The basis for the class action lawsuit against Walgreens is that the pharmacy allegedly sells the Phenazo product in a manner that is likely to deceive the public about whether the drug is approved by the FDA and therefore lawful to sell over the counter.

Importantly, the UCL is a strict liability statute. This means that the plaintiff in a UCL claim does not need to show that the defendant intentionally or negligently engaged in fraudulent business practices; all that is needed is a showing that the unfair practice or act occurred. In other words, anyone who purchased an over-the-counter UTI drug product from Walgreens may be entitled to multiple forms of compensation, including restitution, statutory damages, and punitive damages.

Did You Purchase a UTI Drug at Walgreens? Call the California Consumer Protection Lawyers at Tauler Smith LLP

The California consumer protection lawyers at Tauler Smith LLP have filed a class action lawsuit against Walgreens over the sale of Phenazopyridine as an over-the-counter treatment for urinary tract infections. The proposed class of consumers eligible for the lawsuit includes anyone who purchased the Walgreens UTI product in California during the last four (4) years.

Call 310-590-3927 or email us to schedule a free consultation.

Tony Robbins CIPA Lawsuit

CIPA Lawsuit Against Tony Robbins Company

Tony Robbins CIPA LawsuitA CIPA lawsuit against the Tony Robbins Company was recently filed in a California superior court. The self-help business has been accused of secretly wiretapping the communications of website users in violation of the California Invasion of Privacy Act, or CIPA. Beyond that, the company has been accused of allowing third parties to use digital surveillance tools to monitor user behavior and eavesdrop on visitor conversations without express or implied consent, which is also a violation of state consumer privacy laws.

To learn more about the class action complaint against the Tony Robbins Company, keep reading.

Class Action Complaint Against Robbins Research International

The defendant in the invasion of privacy case is Robbins Research International, Inc., which operates www.tonyrobbins.com. This is the official website of Tony Robbins, a celebrity self-help guru. Consumers in California and elsewhere access the website to purchase books, programs, and tickets to events on how to master all aspects of their lives.

The case, Haviland v. Robbins Research International, Inc., is being heard in the Los Angeles County Superior Court. The class action complaint alleges violations of the California Invasion of Privacy Act (CIPA), including illegally wiretapping internet communications, as well as aiding, abetting, and paying third parties to eavesdrop on internet conversations.

Illegal Wiretapping

The defendant has been accused of surreptitiously implanting code the Tony Robbins website that allows for the unauthorized recording of private conversations. The civil suit also alleges that the website code allows for the creation of transcripts of these conversations with site visitors. Both acts are violations of the California Invasion of Privacy Act (CIPA), which requires companies to obtain permission from customers before recording online conversations.

Due to the nature of the defendant’s business, customers who use the Tony Robbins website often disclose sensitive personal information via the website chat feature. This information goes beyond mere “record information” like the user’s name and address; it includes confidential information such as the user’s IP address, geolocation information, browsing history, and search history. The data collected by the defendant could enable the creation of detailed profiles about individuals for the purpose of delivering targeted advertisements specifically tailored to their personal interests. Significantly, the data collected from customers who use the website chat feature is allegedly harvested without consent.

Tony Robbins Company Accused of Sharing Customer Data with Third Parties

One of the major allegations in the civil suit against Robbins Research International is that the company allows a third party to collect a bevy of personal information from website visitors without their consent or knowledge. According to the complaint, the Tony Robbins company has entered into financial agreements with a third-party company, UserWay, to embed code into the website’s chat function. This code allegedly enables UserWay to covertly intercept and monitor the chat conversations in real time without the knowledge or consent of site visitors. In other words, the chats that users believe are taking place on the Tony Robbins website are actually occurring on UserWay.

According to the lawsuit, the company’s website privacy policy never discloses to users that the company can share and sell site visitors’ personal information to third parties. The unauthorized sharing of users’ personal information with third parties is a clear violation of the California Invasion of Privacy Act (CIPA). Moreover, the defendant’s alleged behavior is particularly egregious because website users have a reasonable expectation of privacy when they use a seemingly harmless chat box feature on www.tonyrobbins.com.

Customer Data Exposed

The defendant’s actions leave consumers exposed to significant privacy risks because their personal information is allegedly shared with a wide range of entities – and without any clear limitations or safeguards on how that personal information may be used.

Additionally, the lawsuit raises serious concerns about whether this digital privacy violation could further compromise the privacy and control of users’ information by opening the door for the dissemination of personal data to other entities for cross-context behavioral advertising purposes. This kind of invasive practice could subject users to relentless advertising campaigns across multiple platforms – without their consent or knowledge.

How Companies Violate the California Invasion of Privacy Act (CIPA)

The California Invasion of Privacy Act (CIPA) explicitly prohibits both wiretapping and eavesdropping of electronic communications unless all parties to the communication have first provided consent. Most website operators comply with these legal requirements by conspicuously warning visitors if their conversations will be recorded or if any third parties will be eavesdropping on them.

The invasion of privacy law is written in terms of wiretapping, with language barring companies from using a “machine, instrument, or contrivance” to illegally record and eavesdrop on conversations. But it is important to note that courts have found that Cal. Penal Code § 631(a) applies to internet communications. This means that any company that attempts to learn the contents of a website communication without the consent of all parties can be sued for violating the law.

The specific part of the digital privacy statute that Robbins Research International has been accused of violating is Section 631(a), which imposes liability on companies that invade the privacy of consumers. Section 631 is technically a criminal statute, but it does provide a mechanism for victims to bring a civil lawsuit and recover monetary damages.

Call the Los Angles Consumer Protection Attorneys at Tauler Smith LLP

The consumer protection lawyers at Tauler Smith LLP are representing California residents in a class action lawsuit against Robbins Research International. If you visited the Tony Robbins website and used the chat feature, you may be eligible to join the class action complaint. Call 310-590-3927 or email us today to schedule a free consultation.

Cannabis Class Action Lawsuit

Tauler Smith LLP Successfully Defends THC Potency Class Action

Cannabis Class Action Lawsuit

A California court granted Tauler Smith LLP’s motion to dismiss without leave to amend in a deceptive pricing class action alleging mislabeling of THC potency. The plaintiffs specifically alleged that the cannabinoid content in the defendant’s infused joints did not match what was on label. Tauler Smith’s skilled Los Angeles class action defense attorneys filed a demurrer to the class action based on the discrepancy between the plaintiffs’ purchases and the potency tests that formed the basis of plaintiffs’ claims.

To learn more about Tauler Smith’s latest legal victory, keep reading this blog.

California Consumer Laws on Cannabis Advertising and THC Content

Recreational marijuana is a multi-billion-dollar business in the states where it is legal, which includes California. In fact, it is estimated that California is the largest cannabis market in the world. Although there are no clear federal regulations of cannabis sales, California agencies do regulate marijuana product sales within the state. For example, the California Department of Cannabis Control allows just a 10% margin of error for THC content listed on product packaging and labels. If the THC potency amount listed on the package is not close enough to the THC potency amount of the actual product, then a court may find that the company selling the products engaged in false advertising.

One reason that cannabis product labels may promise higher potency is that consumers are typically willing to pay more for weed with a stronger concentration of THC, which stands for Delta-9-tetrahydrocannabinol. Marijuana with a higher percentage of THC can deliver a more euphoric “high” for users.

Class Action Lawsuit: Ayala v. Central Coast Agriculture

Central Coast Agriculture is a California-based progressive farm that focuses on sustainability. The company is also a licensed cannabis cultivator, and some of its products are sold under the Raw Garden brand name. According to the original complaint against Central Coast Agriculture, the consumer-plaintiffs purchased two products: a Raw Garden Infused Joints three-pack in the “Sunset Cookies” strain, and Raw Garden Infused Joints in the “Caribbean Slurm” strain. The plaintiffs alleged that the marijuana products were mislabeled because the amount of THC contained in the products was substantially lower than the amount stated on the packaging: 25 percent THC potency versus 44 percent THC potency.

The plaintiffs in Ayala et al. v. Central Coast Agriculture, Inc. filed a class action lawsuit under a number of consumer protection statutes, including the California Consumers Legal Remedies Act (CLRA), the California Unfair Competition Law (UCL), and the California False Advertising Law. The case was heard in the Superior Court of California, County of Santa Clara, and the Honorable Theodore C. Zayner ruled on the litigants’ pre-trial motions.

Tauler Smith LLP Wins Defense Demurrer in Class Action Lawsuit

A demurrer is a legal challenge to a specific claim made in court, much like a motion to dismiss in federal court. When determining whether to grant a demurrer, courts will typically assume that all the facts alleged in the pleading are true, no matter how improbable they might be. If the plaintiff’s case is still unlikely to succeed even under these circumstances, then the motion for demurrer may be granted by the court.

The defendant in Ayala v. Central Coast Agriculture was represented by Los Angeles law firm Tauler Smith LLP. Our class action defense attorneys demurred to all causes of action in the case because the plaintiffs failed to allege sufficient facts. Specifically, the defense attorneys objected because the plaintiffs were unable to sufficiently demonstrate that the marijuana products purchased actually contained less THC than the amount listed on the product labels.

California Class Action Defense Lawyers Win THC Potency Case

The Santa Clara Superior Court sustained defense counsel’s demurrers on every cause of action in the case, which represented another huge pre-trial victory for the Tauler Smith LLP law firm. Moreover, the court held that the legal arguments were so overwhelmingly in favor of the defendant that the plaintiffs should have no leave to amend their complaint. In other words, the plaintiffs’ complaint was dismissed entirely.

In its ruling, the court held that the plaintiffs’ class action complaint relied on several faulty assumptions about the products they purchased, as well as the lab results cited in the lawsuit:

  1. Testing was done too late. The court noted that the THC lab tests were conducted roughly two (2) months after the original purchases, which cast serious doubt on how relevant the tests might be in the case. The court further noted that there was nothing in the plaintiffs’ lawsuit about when the joints tested by the WeedWeek researchers were produced or sold. This meant that the plaintiffs had no way of knowing how long the products were on the shelves before being tested.
  2. Not the same products. The court also said that the plaintiffs failed to show that the joints tested by WeedWeek were the same as the products at issue in the lawsuit. There was no evidence that any lab tests were conducted on the particular “Sunset Cookies” strain of marijuana purchased by one of the plaintiffs. (The plaintiffs suggested that a “Fire Walker” THC product tested by researchers was “substantially similar” to the “Sunset Cookies” strain, but the court rejected this argument.) Beyond that, only a single pre-rolled joint of the “Caribbean Slurm” strain was tested, which was an insufficient analog of the particular product purchased by the other plaintiff. Even the WeedWeek article authors characterized their testing as an “imperfect experiment” with conclusions that do not necessarily apply to any individual brand, company, or product.
  3. No information on product labeling. The court stated that there was zero information about the labelling of the products tested by the lab researchers and cited by the plaintiffs. This meant that the plaintiffs failed to prove that the THC amounts listed on the packages they purchased were the same as the THC amounts listed on the packages of the products being tested.
  4. Failed to account for testing variables. The court noted other problems with the laboratory test results referenced by the plaintiff in their lawsuit, including the failure of the testers to account for significant variables. For example, there was no information about the products’ temperature exposure, the potential for testers’ bias, or the possibility of human error.
  5. No injury or harm suffered by plaintiffs. The court found that since the plaintiffs failed to show that the marijuana products purchased actually contained less THC than was listed on the product labels, they could not establish that they sustained any injury or damage as a result of their purchases.

The Santa Clara Superior Court held that there was no clear connection between the lab testing results and the plaintiffs’ actual purchases. The testing results could not be applied to the Raw Garden marijuana joints purchased by the plaintiffs because the tests were conducted on different products at different times by different entities using different methods for different purposes. This was a clear and decisive victory for both the defendant and the Tauler Smith LLP litigation team. The legal win was even more impressive because the consumer protection statutes relied on by the plaintiffs tend to be interpreted broadly by California courts and often in favor of plaintiffs.

You Need to Hire the Right Lawyer for Your Consumer Class Action Defense

When ruling on the demurrer in Ayala et al. v. Central Coast Agriculture, Inc., the court concluded that the lab tests relied on by the plaintiffs were insufficient to draw an inference that the products at issue were inaccurately labeled. This was in stark contrast to the ruling in another false advertising case.

Two other consumers recently sued a different California marijuana company, DreamFields Brands, Inc. That class action complaint, which was filed in Los Angeles Superior Court, alleged similar facts: that the plaintiffs purchased pre-rolled joints containing a lower percentage of THC than declared on the product packaging. Additionally, the class action lawsuit cited the same independent lab tests performed by WeedWeek. The defendant in that lawsuit was represented by a different law firm, and those lawyers were unsuccessful in getting the case dismissed.

The dissimilar results in these cases should make one thing abundantly clear: hiring the right lawyer to represent you in your class action defense could be the difference between winning and losing.

Contact the California Class Action Defense Lawyers at Tauler Smith LLP

Class action lawsuits filed in California courts are notoriously complicated, particularly when they involve consumer protection claims. That’s why it is imperative that defendants in these cases be represented by the experienced California class action defense lawyers at Tauler Smith LLP. Our litigation team has extensive experience representing defendants in false advertising cases, including both private civil actions and class actions.

Call or email us today for a free initial consultation.

CPRA Employee Privacy Rights

Employee Privacy Rights Under the CPRA

CPRA Employee Privacy Rights

The California Privacy Rights Act (CPRA) is a consumer protection law that was approved by California voters in 2020. The CPRA placed significant restrictions on how companies may collect, store, use and share consumer data. In addition to protecting consumers, the CPRA also established a number of data privacy rights for employees of companies that operate in California. Employee privacy rights under the CPRA are robust: workers whose personal data is collected by their employers can take legal action when that data is misused.

To learn more about how the CPRA safeguards employee privacy rights, keep reading this blog.

CPRA Requirement: Notification and Disclosures to Employees

Under the California Privacy Rights Act (CPRA), employees of qualifying businesses have the right to be notified by their employers when their personal data is being collected for any reason. Additionally, employers must notify workers about why their personal data is being collected. If your employer has collected your personal information and failed to notify you in advance so that you could provide consent, then they may be in violation of California data privacy laws.

Additionally, the CPRA mandates that employees must be given very specific details about what type of personal information is being collected by their employers. Previous consumer privacy laws broadly protected employees by compelling companies to disclose certain aspects of their data collection procedures. Now, companies must specifically disclose to all employees the precise category of personal information that has been collected in the previous 12 months.

CPRA Gives Employees the Right to Correct Inaccurate Information

Just like consumers, employees also have the right to correct or delete inaccurate information that has been collected. Similarly, employees can opt out of any plans by the company to share their personal information with others. If an employee makes this kind of request, the company has 45 days to honor it.

CPRA Requirement: Businesses Must Maintain an Employee Privacy Policy

The California Privacy Rights Act (CPRA) also strengthened existing data protection laws that require companies to maintain an employee privacy policy explaining the company’s rules and policies about personal data collection. Under the CPRA, employers must not only have a written employee privacy policy, but the policy also needs to be posted so that it is easily accessible by workers.

Additionally, the employee privacy policy must detail exactly what the collected information will be used for, including whether the data will be sold to third parties or shared with third parties.

The CPRA Protects Employees Against Retaliation

The California Privacy Rights Act (CPRA) intersects with California employment law, which means that employees who exercise their digital privacy rights under the consumer privacy statute are protected against retaliation by their employers.

The California Privacy Rights Act Also Protects Consumers

While the California Privacy Rights Act (CPRA) provides explicit protections for employees, the statute’s primary purpose is to ensure that consumer data remains confidential after it has been shared with businesses. One of the main ideas behind the CPRA is that individuals should have control over how their sensitive personal information is used by companies. When a company violates the privacy of customers, or otherwise fails to take reasonable steps to ensure that customer data remains confidential, that company should be held accountable.

The CPRA officially expanded the scope and protections of the California Consumer Privacy Act (CCPA), which already protected consumers against invasions of privacy involving their personal information. The CPRA gives consumers new privacy rights that did not exist under previous consumer privacy laws. These new consumer rights include the ability to correct inaccurate information being retained by companies. More generally, the CPRA ensures that consumers have a legal right to limit how their sensitive personal data is collected, used, and disclosed.

Contact the Los Angeles Employment Lawyers at Tauler Smith LLP

Did your employer monitor your emails, record your phone conversations, or collect your personal information in any other way? California strictly regulates how companies can collect and/or share the information of their workers. The Los Angeles employment lawyers at Tauler Smith LLP possess an in-depth understanding of both employment laws and privacy laws, and we are passionate about protecting employee rights.

Call 310-590-3927 or email us today to discuss your case.

CPRA Consumer Rights

Consumer Rights Protected by the CPRA

CPRA Consumer Rights

When the California Privacy Rights Act (CPRA) was approved by California voters in the 2020 election, it greatly expanded the privacy protections afforded to consumers. The new law also increased the data security obligations of companies operating in the state. The consumer rights protected by the CPRA are important because they address the kind of digital privacy concerns that are prevalent at a time when businesses have access to an unprecedented amount of personal information about customers. When a company violates the CPRA by failing to protect consumer data, they may be subject to substantial fines and exposed to civil liability.

To learn more about how the California Privacy Rights Act protects consumer privacy rights, keep reading.

What Consumer Privacy Rights Are Protected by the CPRA?

The California Privacy Rights Act (CPRA) was intended to strengthen consumer privacy laws already in effect, such as the California Consumer Privacy Act (CCPA). The idea was to protect California residents against invasions of privacy and data breaches when making purchases from businesses or when communicating with businesses online. The statute does this by strengthening consumer rights that existed under the CCPA and by creating new rights that did not previously exist.

These are the existing consumer rights that the CPRA strengthened:

  1. The right to know about any personal data that has been collected by companies.
  2. The right to delete any personal data that has been collected.
  3. The right to opt out of the sale or sharing of personal data with third parties.
  4. The right to be free from discrimination or retaliation for having exercised any of these consumer rights.
  5. The right to bring a private civil action against companies that fail to protect consumers’ personal information against unauthorized access or data breaches.

Additionally, the CPRA created two (2) entirely new consumer privacy rights:

  1. The right to correct personal information that is inaccurate.
  2. The right to limit how “sensitive personal information” is collected, used, and disclosed.

Consumer Right to Correct Inaccurate Personal Data

Under the CPRA, consumers now have the right to request that a business correct any collected information that is inaccurate. Moreover, this right must be disclosed to consumers in a company or website privacy notice. After a consumer has requested that certain information be corrected, the company must use “commercially reasonable efforts” to make the correction.

Consumer Right to Opt Out of Sharing Personal Data

Data privacy was a major focus of lawmakers when the California Consumer Privacy Act (CCPA) was enacted, but the statute may not have gone far enough. While the CCPA gives consumers the right to opt out of the sale of their personal information to third parties, the CPRA gives consumers the same right with respect to the sharing of personal information. Significantly, this consumer privacy right may be exercised regardless of whether the data is being shared for a monetary benefit.

It should also be noted that the data privacy law requires businesses to inform consumers of this right directly on the company website’s homepage. The business must include a conspicuous link with the title “Do Not Sell or Share My Personal Information,” which the consumer can click on to exercise their opt-out right.

New Obligations for Businesses Under the California Privacy Rights Act

The California Privacy Rights Act (CPRA) also increased requirements on businesses to protect the sensitive personal information of consumers against data breaches or other invasions of privacy. For example, businesses are now prohibited from maintaining customers’ personal data for any longer than absolutely necessary.

The CPRA also increased the penalties that companies can face for consumer privacy violations. The statutory fines start at $2,000 for each violation, and they can go as high as $7,500 for a willful violation. Beyond that, the maximum fines can be tripled when the violation involves a child under the age of 16. If a company wants to collect the personal data of consumers under 16 years of age, the young consumer must expressly consent to it. If the consumer is under the age of 13, a parent or guardian must first provide permission before a company can collect personal data.

Additionally, civil penalties may be imposed when the violation involves the theft of customer login information. This means that businesses that expose customer data to a data breach are subject to a lawsuit with significant damages.

Tauler Smith LLP Protects Consumer Privacy Rights in California. Call Us Today.

California law places clear limits on how businesses may use customer information collected during a transaction or website visit. The Los Angeles consumer privacy attorneys at Tauler Smith LLP understand the law and how it protects consumers against unlawful invasion of privacy. We represent plaintiffs in both individual lawsuits and class action lawsuits when a company illegally monitors, collects, shares, or sells a customer’s personal data without permission.

Call 310-590-3927 or send an email to talk to one of our skilled attorneys and explore your legal options.

California Privacy Protection Agency

California Privacy Protection Agency

California Privacy Protection Agency

The California Privacy Protection Agency (CPPA) is a new state agency tasked with enforcing consumer privacy laws, including the California Privacy Rights Act (CPRA). The CPRA explicitly protects individuals’ data privacy rights by both strengthening existing laws like the California Consumer Privacy Act (CCPA) and creating new consumer rights. For example, the CPRA gives consumers the right to correct personal information that is inaccurate, or even to request deletion of the data. The CPRA also requires companies to safeguard customers’ personal information against data breaches. These statutory requirements are strictly regulated and enforced by the CPPA: when a company violates the statute, the CPPA may impose substantial fines.

To learn more about the California Privacy Protection Agency, continue reading.

What Is the California Privacy Protection Agency?

The California Privacy Rights Act (CPRA) amended the California Consumer Privacy Act (CCPA), which provides explicit protections for California residents who share personal information with businesses. Prior to the CPRA becoming law, the California attorney general had rulemaking and enforcement authority with respect to consumer privacy regulations. After the CPRA passed, the California Privacy Protection Agency became the main state agency with authority to enforce these laws.

The California Privacy Protection Agency has a board comprised of five (5) members. The California Governor appoints two board members, including the Chair. Each of the three remaining board seats are appointed by the Attorney General, the Senate Rules Committee, and the Speaker of the Assembly. Each board member will serve in their position for up to eight (8) years before being replaced.

The California Privacy Protection Agency Enforces the CPRA

The main task of the California Privacy Protection Agency is to enforce the state’s consumer privacy laws. If the agency determines that a company has violated the CPRA or another consumer privacy law, they can enforce the statute and impose monetary penalties. Businesses that do not comply with the strict regulations of the CPRA will be subject to severe penalties: a $2,000 fine for each violation, a $2,500 fine when the violation is negligent, and a $7,500 fine when the violation is willful.

The CPRA also allows the state to impose enhanced penalties when digital privacy violations involve minors. If a company unlawfully sells or shares the personal information of a child under the age of 16, they may be fined another $7,500 for each violation. Importantly, the statute imposes strict liability in these instances. This means that the penalties may be imposed regardless of whether the offending company had actual knowledge of the child’s age. The CPRA penalties for consumer privacy violations involving a minor may be imposed on top of any penalties that may apply for violations of the Children’s Only Privacy Protection Act (COPPA).

Consumers May File Civil Suits for Data Privacy Breaches

Data security is a major focus of California’s consumer privacy laws. In cases involving a data breach that exposed a customer’s personal information, the CCPA and the CPRA give victims a private right of action. This means that you may be able to bring a civil lawsuit against the offending company and seek statutory damages. The CPRA states that consumers are eligible to pursue up to $750 for each privacy violation, or they may pursue actual damages – whichever amount is greater.

Call the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

The California Privacy Protection Agency is tasked with enforcing the CPRA, which means that companies that violate the statute can be fined. But victims of an invasion of privacy – such as a data breach that exposed their personal information – can also take legal action by bringing a CPRA claim in state court. The experienced Los Angeles consumer privacy lawyers at Tauler Smith LLP are ready to represent you in a civil suit because we routinely assist plaintiffs in consumer protection lawsuits throughout California.

Call 310-590-3927 or email us to schedule a free initial consultation.


Differences Between CPRA and CCPA


The California Privacy Rights Act (CPRA) passed as a ballot initiative in the 2020 general election. The new consumer privacy law is actually an amendment of an earlier law: the California Consumer Privacy Act (CCPA). The major differences between the CPRA and the CCPA involve the level of protection afforded to consumers. The CCPA established a baseline for protecting consumer privacy rights, while the CPRA significantly expands on those protections by giving consumers additional rights. The CPRA also imposes additional obligations on companies that do business in California.

To learn more about the differences between the CPRA and the CCPA, keep reading this blog.

California Laws That Protect Consumer Privacy

The two main California laws that protect consumers against invasion of privacy are the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). The CPRA amended the CCPA.

California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA) was passed by state lawmakers in 2018. It was the first state privacy law that addressed the collection of consumer data, as well as the first law to directly confront digital privacy concerns. After the CCPA went into effect, businesses could no longer monitor customer communications and use the data without authorization. Additionally, California consumers now had some control over whether their personal information was collected by companies and, if so, how it could be used.

California Privacy Rights Act (CPRA)

The California Privacy Rights Act (CPRA) applies to any company that solicits customers in California and collects their personal information. The data privacy law gives consumers more control over their personal data by placing restrictions on how businesses can use customer information. When a consumer shares personal information with a business, there are limits on what the business may do with that data.

What Are the Differences Between the CPRA and the CCPA?

There are a number of differences between the California Privacy Rights Act (CPRA) and the California Consumer Privacy Act (CCPA). The CPRA created new rights for consumers and imposed stricter requirements on businesses that collect customer data. Additionally, the CPRA created a new state agency to enforce consumer privacy laws.

New Consumer Privacy Rights

The CCPA was enacted to protect customer privacy, and those protections were broadened in the CPRA so that additional types of personal information are also protected by law. This includes usernames, email addresses, passwords, and security questions. If a company fails to protect against breaches or unauthorized disclosures of this information, they may be subject to liability under the new statute.

One specific example of the additional rights that the CPRA provides to consumers is the ability to opt out of cross-context behavioral advertising. This is defined as targeted advertising that is based on the personal information collected when consumers visit certain websites or use online platforms like Google, Facebook, Instagram, etc. The CPRA explicitly states that companies must allow consumers to opt out when personal data is shared with other companies for the purpose of cross-contextual advertising.

Restrictions on Businesses

The CPRA established broad privacy requirements for businesses, including an obligation for businesses to only collect and use personal information when it is reasonably necessary and proportionate to their stated purposes for collecting or using the information in the first place. Moreover, the CPRA requires companies to specify exactly how long they plan to retain personal data collected from consumers.

California Privacy Protection Agency

The CPRA established the framework for a new state enforcement agency: the California Privacy Protection Agency. This agency is responsible for enforcing not just the CPRA, but all of California’s consumer privacy laws and regulations. Prior to passage of the CPRA, enforcement of those laws was left up to the California Attorney General.

Contact the California Consumer Protection Lawyers at Tauler Smith LLP

If you visited a website and shared your personal information with the company or website operator, it’s possible that your data was exposed. The Los Angeles consumer protection lawyers at Tauler Smith LLP can help you take legal action under the California Privacy Rights Act and receive financial compensation. We regularly represent plaintiffs in both state and federal courts. To find out if you might be eligible to bring a CPRA claim, call 310-590-3927 or email us today.

California Privacy Rights Act

California Privacy Rights Act (CPRA)

California Privacy Rights ActConsumer protection has been of paramount importance to both lawmakers and residents in California for a long time, resulting in extremely strong laws that limit what companies can do with customer data and personal information. One of these laws addressing digital privacy concerns is the California Privacy Rights Act (CPRA), a new consumer privacy law that recently went into effect. The data protection law was passed by California residents through a referendum on the ballot in the 2020 general election. The CPRA was intended to be the most comprehensive consumer privacy legislation in the United States. Along with the California Consumer Privacy Act (CCPA), the CPRA set the standard for government protection of data privacy rights.

To learn more about the California Privacy Rights Act and how it affects both consumers and businesses, keep reading.

Who Does the CPRA Apply to?

Any for-profit company that does business in the state of California and that has significant gross annual revenues is subject to the regulations of the California Privacy Rights Act (CPRA). Additionally, if a company solicits customers in California and collects their personal information at any point, the company may be required to comply with the statute.

The CPRA can also apply to third parties that have been given access to a consumer’s personal data. If a company shared your information with a third party and you subsequently requested that the information be corrected or deleted, the company must pass on the request to the third party. The same is true for service providers and contractors: a company that shares customers’ personal information with these individuals and/or entities must instruct them about the CPRA requirements, and any violations by these other parties could expose the company to liability.

Additionally, the CPRA doesn’t apply only to consumers. CPRA protections also apply to employees who work for companies that monitor and use their data.

What Is the California Privacy Rights Act?

The California Consumer Privacy Act (CCPA) was the first state privacy law. The California Privacy Rights Act (CPRA) amended the CCPA and made California’s privacy laws even more consumer friendly. At the same time, the CPRA also strengthened existing protections for consumers by requiring businesses to comply with much stricter consumer privacy regulations.

New Obligations for Businesses Under the CPRA

The California Privacy Rights Act (CPRA) imposed further obligations on companies that do business in California and collect personal information from customers. For example, the CPRA created new compliance rules for businesses. This includes the elimination of a previous rule that gave companies 30 days to “cure” any violations of the CCPA. Now, any company that violates the CPRA is subject to monetary penalties under the statute.

Additionally, under the CPRA, companies must take affirmative steps to protect customers’ personal information against data breaches. This means that companies must implement reasonable security measures to ensure that personal data is not illegally accessed by others.

Businesses are also required to perform annual cybersecurity audits to confirm that no breaches have occurred. Businesses must submit the results of these audits to the California Privacy Protection Agency, in addition to conducting regular risk assessments that weigh the benefits of collecting consumer information against the security risks.

CPRA Created New Consumer Privacy Rights

The CPRA formally created a number of new privacy rights for California consumers, including the following:

  • Consumers can opt out of sharing their personal information with businesses.
  • Consumers can opt out of allowing businesses to use their “sensitive personal information.” This includes the customer’s Social Security number, driver’s license, state ID card, passport, credit card or debit card, bank account, geolocation data, and emails or text messages. It can also include information about the customer’s racial or ethnic origin, religion, genetic data, health data, and sexual orientation.
  • Consumers have the right to correct any personal data that is inaccurate. This means that businesses must provide customers with a means to review and then correct wrong information.
  • Consumers can legally access information about how the company is storing and using their data, as well as the data retention period.

What Types of Data Are Protected by the CPRA?

Basically, the California Privacy Rights Act (CPRA) protects any information that could be used to identify an individual. This includes things like the person’s name, email address, Social Security number, driver’s license number, state ID card, passport number, bank account or other financial account numbers, credit card or debit card numbers, and physical address.

When a company collects this type of information from a consumer, the consumer has a legal right to be notified. Moreover, once notified, the consumer has the legal right to demand that the information be corrected or deleted.

Sensitive Personal Information Protected by the CPRA

Data security is paramount in an age when information can be misused so easily. That’s why the CPRA places even stricter requirements on companies that collect consumer data deemed to be “sensitive personal information.”

What Is “Sensitive Personal Information”?

The California Privacy Rights Act (CPRA) defines a consumer’s “sensitive personal information” as including any of the following:

  • Social Security number, driver’s licenses, state ID card, or passport.
  • Website or app log-in information.
  • Bank accounts, credit cards, debit cards.
  • Geolocation data that identifies the consumer’s location.
  • Race, ethnicity, or religion.
  • Sexual orientation.
  • Email or text messages.
  • Genetic data.

The CPRA can also be updated by lawmakers in the future to add more categories that would qualify for protection as sensitive personal information. This definitional flexibility is codified in the statute to “address changes in technology, data collection practices, obstacles to implementation, and privacy concerns.”

How Sensitive Personal Information May Be Used

The CPRA places limitations on how businesses may use customers’ sensitive personal information. A business can only use this type of information to the extent necessary to perform services or provide goods reasonably expected by the consumer. Any use beyond this scope violates the statute.

Disclosures About Sensitive Personal Information

The statute stipulates that businesses must provide clear disclosures about the fact that they are collecting this type of information, as well as disclosures about how the information will be used. For example, a business should create a link on its company website that informs consumers of the collection practices and that gives them the ability to opt out of the collection and/or sharing of their data.

The California Privacy Protection Agency Is Tasked with Enforcing the CPRA

Section 24 of the CPRA created the California Privacy Protection Agency (CPPA), a state agency that implements and enforces the consumer privacy law. The CPPA receives reports of privacy law violations and then conducts investigations to determine whether companies should be penalized under the statute.

The CPPA is not the only state agency that oversees and enforces the CPRA. The California Department of Justice is also heavily involved in enforcing the law and ensuring that consumer privacy rights are protected.

What Are the Penalties for Violations of the CPRA?

The CPRA imposed substantial monetary penalties for noncompliance by companies. These penalties include a fine of $2,000 for each violation.

The penalties may be increased in certain circumstances:

  • $2,500 for each negligent violation of the statute.
  • $7,500 for each willful violation of the statute.

Civil Suits Filed Under the CPRA

The original consumer privacy law, the California Consumer Privacy Act (CCPA), gave consumers whose personal data was compromised a private right of action to bring a civil suit against the company that failed to prevent the data breach and protect consumers against invasions of privacy. But there were limitations on what exactly qualified as a “data breach” under the old statute. Under the new customer privacy regulations of the California Privacy Rights Act (CPRA), the types of data breaches that may expose a company to civil liability are greatly expanded: if a business fails to protect customer information such as an email address, username, password, or security question, the business could be sued by the victim.

Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

Are you a California resident? Did you visit a website that collected your personal information without authorization? Was your personal information exposed in a data breach? You may be eligible to recover statutory damages under the California Privacy Rights Act (CPRA). The experienced Los Angeles consumer protection attorneys at Tauler Smith LLP can help you file a complaint with the CPRA and possibly file a civil lawsuit for financial compensation.

Call us today at 310-590-3927 or send an email to schedule a free consultation.

FTC Rule on Automatic Renewals

FTC Rule Proposal on Automatic Renewals

FTC Rule on Automatic Renewals

The Federal Trade Commission (FTC) may soon pass new rules that strengthen federal protections for consumers who purchase products or services that are automatically renewed. The FTC rule proposal on automatic renewals would impose strict requirements on companies that offer automatic renewal subscriptions, or negative options, to consumers. Federal statutes and rules typically refer to automatic renewals as “negative options” because the absence of any affirmative action by the customer is enough to justify the auto-renewal. In other words, silence or inaction by the consumer is construed as acceptance of the auto-renewal contract. The amended FTC rule would make it easier for consumers to cancel their auto-renewal subscriptions, and it would impose civil penalties on companies that violate federal law.

For more information about the proposed amendments to the FTC Rule on Automatic Renewals, keep reading this blog.

What Is the Federal Law on Automatic Renewals?

California consumer protection lawyers are familiar with California’s Automatic Renewal Law (ARL), which regulates businesses that offer auto-renewing subscriptions to consumers in the state. The federal analogue to the ARL is the Negative Option Rule, which has been in effect in every state for 50 years. The Negative Option Rule is enforced through Section 5 of the FTC Act. In this context, automatic renewals are called “negative options” because sellers are allowed to interpret a customer’s silence as implied acceptance of an auto-renewal offer.

There are some major limitations on the Negative Option Rule. For example, the federal law only regulates prenotification plans. This means that the law only applies to companies that attach auto renewals to customer agreements before the sale of products or services.

FTC Proposes Amendment to the Federal Rule on Automatic Renewals

The FTC has proposed amendments to the federal Automatic Renewal Law. The suggested changes to federal law would have a significant effect on many state laws, especially in states that do not already regulate auto-renewal subscriptions. Some of the specific regulations that would be modified or added to federal law under the rule change include:

  • Mandatory upfront disclosures of auto-renewal plans.
  • Penalties for company misrepresentations about auto-renewal plans.
  • Obtaining consumer consent for enrolling in auto-renewal plans.
  • Annual reminders about automatic renewals.
  • Easier cancellation of auto-renewal plans.

Ultimately, the FTC will decide whether to approve or decline the proposed rule changes. The federal agency might also decide to make revisions and then open up the new amendment for public comments.

Auto-Renewal Disclosures

One of the biggest changes being proposed for federal law is to require businesses to disclose any auto-renewal terms in a way that ensures that customers will see the terms. The current federal law stipulates that businesses must place auto-renewal terms in “visual proximity” to a request for consent. By contrast, the new rules would require these disclosures to be “immediately adjacent,” or right next to, any text about customer consent so that the disclosures are easily noticeable or difficult to miss. In other words, companies won’t be able to hide the auto-renewal consent text.

Additionally, the proposed FTC rule calls for companies to disclose particular information before customers can legally consent to an automatic renewal plan:

  • Will payments be recurring?
  • What is the cost of the subscription, including the auto-renewals?
  • When will the subscription first automatically renew, and on what dates or at what intervals thereafter?
  • What is the deadline to cancel the subscription before it automatically renews?
  • What is the process for canceling the subscription?

The amended FTC rules would require companies to provide this information for all types of transactions involving recurring contracts, not just those occurring online. That’s because the rules would apply to offers made on the internet, in print publications and advertisements, during telephone solicitations, and in person at brick-and-mortar retail stores.

Misrepresentations About Auto-Renewal Plans

California consumer fraud lawyers will tell you that the state’s false advertising laws impose severe restrictions on the sales practices of companies that do business in the state. Companies that violate these laws may be subject to both civil liability and criminal penalties for egregious conduct. The proposed FTC rules would go a long way toward catching up with California’s regulations of companies that offer auto-renewal plans by applying federal regulations to misrepresentations about the entire sale agreement. For instance, the federal law would explicitly bar companies from misrepresenting a material fact related to any part of a transaction involving an automatically renewing subscription, even if the misrepresentation has nothing to do with the auto-renewal.

Consumer Consent for Auto-Renewals

The proposed changes to FTC rules would include a requirement that companies obtain affirmative consent from consumers before an auto-renewal contract becomes legally binding. Importantly, the customer’s consent for auto-renewal terms would have to be separate and apart from their consent for the transaction or purchase itself. For example, the business would not be able to hide the auto-renewal agreement or otherwise confuse the customer into thinking that they are only agreeing to the original purchase. As set forth by the recommended FTC rules, the request for affirmative consent from the consumer for the auto-renewal subscription would likely have to be a “check box, signature, or other substantially similar method.”

Additionally, companies will need to maintain a record of the customer-provided consent for a period of at least three (3) years from the date on which the subscription was first approved, or for one (1) year after the subscription has been cancelled.

Annual Reminders About Auto-Renewals

The FTC rule amendment under consideration would require companies to send annual reminders to customers about any auto-renewing subscriptions that involve products or services other than physical goods. The reminder must be sent annually even if it is not a yearly subscription plan. Additionally, these annual reminders would need to be in plain language that clearly identifies the product subscription or service being renewed, the dollar amount of the subscription, the frequency of the renewals, and the process for cancelling the subscription. The reminder would also have to be sent to the consumer in the same manner that they initially provided consent for the auto-renewal plan.

Cancellation of Auto-Renewals

The FTC rule changes would also require businesses to make it easy for customers to immediately cancel their auto-renewal subscriptions. For example, the cancellation option must use simple and easy-to-understand terms. The customer must also be given the ability to cancel through the same method they used to make the initial purchase, meaning that an online purchase could be cancelled on the company’s website.

Another requirement under consideration by the FTC is that companies would not be able to make any additional offers when a customer is attempting to cancel their auto-renewal subscription. These types of offers are known as “save attempts” because they tend to involve the business trying to save the auto-renewal subscription from cancellation. The idea here is that businesses should not be allowed to confuse customers with unclear terms or modifications that might dissuade them from cancelling their subscription.

FTC Rule on Auto-Renewals Regulates Business-to-Business Contracts

The California Automatic Renewal Law (ARL) is considered by many to be the strongest such law in the country, imposing requirements on businesses that go far beyond anything in current federal laws. In at least one way, however, the proposed FTC rule would actually go further than California’s ARL. That’s because the federal law would apply to both consumer transactions and business-to-business transactions.

FTC Enforcement of Federal Auto-Renewal Laws

Amendments to the federal law on automatic renewals would greatly strengthen the ability of the Federal Trade Commission (FTC) to enforce the law and crack down on violators. The FTC proposal would allow the government to seek restitution on behalf of consumers, as well as imposing civil penalties against companies that violate the law.

The federal law does not provide a civil remedy for individual consumers, but they can still seek financial compensation by filing a lawsuit based on state laws like the California Automatic Renewal Law (ARL). The federal law on auto renewals may also make it easier for consumers to file class action lawsuits under state law.

California’s Law on Automatic Renewal Offers

Companies that do business in California must follow stringent requirements when it comes to subscription renewals, including pre-transaction disclosures, affirmative consent, renewal notices, and cancellation policies. The purpose of the California Automatic Renewal Law (ARL) is to end the practice of ongoing charging of consumer credit cards without consumers’ explicit consent.

Some of the specific requirements that the California ARL imposes on companies include the following:

  • Cancellations: Customers must be permitted to cancel their subscriptions online if they initially signed up online. Additionally, the cancellation process must be easy, with no steps that might obstruct or delay the process.
  • Long-term subscriptions: If the subscription is for a period of at least one year before the initial renewal, businesses must send renewal notices to customers to ensure that they are informed. This notice needs to be sent at least 15 days before the subscription is scheduled to be renewed.
  • Free gifts or promotions: If there was a free gift, trial subscription, or promotional discount involved, the company must send a notice of renewal to the customer before the trial period is over.

Call the California Consumer Fraud Attorneys at Tauler Smith LLP

The California consumer fraud attorneys at Tauler Smith LLP represent plaintiffs in civil suits filed in both state and federal courtrooms throughout the country. If you were charged for an automatically renewing subscription that you did not authorize, we can help you pursue restitution and monetary damages. Call 310-590-3927 or email us to discuss your case.

Federal Law on Automatic Renewals

Federal Law on Automatic Renewals

Federal Law on Automatic Renewals

Federal law on automatic renewals has gotten stronger and more far-reaching in recent years. This has come in response to states like California that have started to take the lead when it comes to protecting consumers against deceptive advertising and business fraud. There are several prominent laws at both the California state level and the federal level that govern retail subscription programs and automatic renewal programs, including the FTC Rule on Automatic Renewals. Additionally, both state and federal agencies have begun increasing their enforcement of these laws in recent years. For example, the California Automatic Renewal Task Force (CART) makes sure that businesses comply with California’s Automatic Renewal Law (ARL), while the Consumer Financial Protection Bureau (CFPB) is actively enforcing federal laws regulating negative options and recurring contracts. Before contacting federal or state agencies, consumers who have been billed without consent for an auto-renewal subscription should speak with a qualified consumer protection attorney.

To learn more about the federal law on automatic renewal subscriptions, keep reading this blog.

What Is the Federal Trade Commission Rule on Auto-Renewals?

Companies that do business in California while offering automatic renewal and subscription programs must comply with applicable state and federal laws, including the California Automatic Renewal Law (ARL). In fact, California has served as a model for automatic renewal legislation passed by other states, as well as federal statutes and rules that govern auto-renewals.

Federal law uses slightly different terminology for automatic renewal subscriptions: they are instead referred to as “negative option plans.” Basically, a negative option plan is one that is automatically renewed if the consumer fails to take any kind of affirmative action to cancel or not renew it.

The California false advertising lawyers at Tauler Smith LLP represent plaintiffs in civil litigation both individually and as members of class action lawsuits. We also regularly appear in both state and federal courts, so we are very familiar with the relevant consumer protection laws.

How Is the Federal Automatic Renewal Law Enforced?

The Federal Trade Commission (FTC) enforces federal law on automatic renewals and the Negative Option Rule. Federal guidelines for automatic renewals tend to focus on up-front disclosures from businesses, informed consent from customers, and uncomplicated cancellation procedures.

In addition to the FTC, the Consumer Financial Protection Bureau (CFPB) is also involved in enforcement of federal laws concerning automatic renewal and subscription practices.

Proposed Amendment to FTC Rule on Automatic Renewals

The FTC proposed an amendment to the agency rule on automatic renewals that could have a serious impact on how companies do business in California and other states. When the FTC asked for public input on auto-renewal policies, the response was overwhelming: the federal agency received thousands of comments from consumers who complained that businesses were deceptively renewing subscriptions without consent.

Some pro-business organizations like the U.S. Chamber of Commerce have objected to the FTC’s proposed rules for auto renewal subscription services, which the group says would “impose substantial and burdensome regulations on the business community.” But similar consumer fraud regulations already exist in California: statutes like the Automatic Renewal Law (ARL), the Consumers Legal Remedies Act (CLRA), and the Unfair Competition Law (UCL) all provide strong protections for consumers against companies that do business in the state.

If the FTC rule change is approved and goes into effect, it will certainly affect businesses that offer automatic renewal plans in California and other states. That’s because federal law would allow for the imposition of civil penalties of up to $50,000 for each violation of the law.

Other Federal Laws Regulating Automatic Renewals: ROSCA and TSR

The Federal Trade Commission rule on negative options is the main federal law that governs automatic renewal offers by companies. In addition to the FTC rule, there are a couple of other federal statutes that also apply to automatic renewals:

  • The Restore Online Shoppers’ Confidence Act (ROSCA)
  • The Telemarketing Sales Rule (TSR)

Restore Online Shoppers’ Confidence Act (ROSCA)

Under federal law, there are disclosure requirements for auto-renewal terms when a customer signs up for a subscription online. The Restore Online Shoppers’ Confidence Act (ROSCA) requires companies to clearly and conspicuously disclose “all material terms of the transaction” prior to obtaining the customer’s billing information. ROSCA also imposes on businesses a requirement to obtain express informed consent for an auto-renewal plan before getting customers’ billing information.

Unfortunately for consumers, ROSCA has limited application to auto-renewal plans because it only applies to online purchases.

Telemarketing Sales Rule (TSR)

Another important federal law governing automatic renewals is the Telemarketing Sales Rule (TSR). The TSR requires certain disclosures when a telemarketer offers a product or service that includes an automatic renewal subscription, such as the material terms and conditions of the purchase.

State Laws: What Is the California Law on Automatic Renewals of Subscriptions?

California’s Automatic Renewal Law (ARL) goes even further than federal law by explicitly prohibiting companies from auto-renewing subscriptions without first obtaining affirmative consent from the subscriber. That type of consent can only be given when the customer is aware of what exactly they are agreeing to, so this means companies must “clearly and conspicuously” disclose the subscription terms, including the price of the service, length of the subscription, and any recurring charges. Clear and conspicuous disclosure can be achieved by using all-caps, highlighted text, colored text, boldface font, and anything else that might contrast or differentiate an auto-subscription from other terms or conditions.

Canceling Subscriptions Under California’s ARL

The California Auto Renewal Task Force (CART) is a group of district attorneys in Los Angeles County, San Diego County, Santa Barbara County, Santa Clara County, and Santa Cruz County who enforce the ARL against companies that mislead and deceive California consumers with confusing subscription policies that automatically renew without authorization and that can be difficult to cancel afterwards.

Doug Allen, an assistant district attorney with the Santa Cruz County District Attorney’s Office and also a member of CART, says that the ARL is specifically designed “to make it as easy to get out of [an auto-renewal subscription] as it was to get into it.” The ARL stipulates that businesses must provide full disclosure to customers about the terms and conditions of all subscription renewal plans, including automatic renewals. Additionally, the ARL requires businesses to make it easy for customers to cancel a subscription on the backend.

Most Common Violations of the California ARL

Some of the most egregious violations of the California Automatic Renewal Law (ARL) involve companies that intentionally make it tough for a customer to cancel by bouncing the customer around when they call or email. For example, a retailer might inform the customer that they will need to speak to a “supervisor” who is conveniently never available. This is done with the full intention of ensuring that the customer remains enrolled in the subscription program. When a customer tries to cancel on the company’s website, the site needs to be easy to navigate and the cancellation process needs to be simple. The ARL also prohibits businesses from attempting to drag out the cancellation with an online survey; any surveys must be provided after the cancellation is complete.

Contact the California Consumer Protection Lawyers at Tauler Smith LLP

Tauler Smith LLP is a law firm that handles consumer fraud litigation in both state and federal courts across the United States. Our consumer protection lawyers have extensive experience representing plaintiffs in these matters, so we understand the nuances of automatic renewal laws that may apply in your particular case. If you were billed for a monthly subscription contract that was automatically renewed without your consent, we can assist you. Call or email us now to schedule a free initial consultation.